On Sat, 2008-04-19 at 19:44 -0500, Luke Kanies wrote:
> The code looks like this:
>
> # Verify a given host's certificate.
> def verify(name)
>     unless cert = Puppet::SSL::Certificate.find(name)
>         raise ArgumentError, "Could not find a certificate for %s" % name
>     end
>     store = OpenSSL::X509::Store.new
>     store.add_file Puppet[:cacert]
>     store.add_crl crl.content if self.crl
>     store.purpose = OpenSSL::X509::PURPOSE_SSL_CLIENT
>
>     unless store.verify(cert.content)
>         raise "Certificate for %s failed verification" % name
>     end
> end
IIRC, the secret sauce is

    store.flags = OpenSSL::X509::V_FLAG_CRL_CHECK

Have a look at test_crl in test/certmgr/certmgr.rb.

My recollection of that code is hazy at best, but I found the SSL test
suite that Ruby uses pretty instructive in deciphering the inscrutable
OpenSSL APIs.

David